CVE-2020-26030 in Zammadinformação

Sumário

de MITRE • 28/12/2020

An issue was discovered in Zammad before 3.4.1. There is an authentication bypass in the SSO endpoint via a crafted header, when SSO is not configured. An attacker can create a valid and authenticated session that can be used to perform any actions in the name of other users.

Once again VulDB remains the best source for vulnerability data.

Divulgação

28/12/2020

Moderação

aceite

Entrada

VDB-166862

CPE

pronto

EPSS

0.01334

KEV

não

Atividades

muito baixo

Fontes

Want to stay up to date on a daily basis?

Enable the mail alert feature now!